Question

I want to build a login system in C# using a SQL data reader. Like Facebook, a user can log in to their account by using Email or UserID and Password. I wrote this code, but it is not working. What is my problem, or what can you recommend?

sql = "select * from Users_tbl WHERE (([Email] = @EmailParam) OR ([UserID] = @UserIDParam) AND ([Password] = @PasswordParam))";

SqlCommand cmd = new SqlCommand(sql, con);

SqlParameter uemail = new SqlParameter("@EmailParam", SqlDbType.NVarChar, 80);
uemail.Value = txtEmailUserID.Text.Trim().ToString();
cmd.Parameters.Add(uemail);

SqlParameter userid = new SqlParameter("@UserIDParam", SqlDbType.NVarChar, 50);
userid.Value = txtEmailUserID.Text.Trim().ToString();
cmd.Parameters.Add(userid);

SqlParameter upass = new SqlParameter("@PasswordParam", SqlDbType.NVarChar, 80);
upass.Value = txtPassword.Text.Trim().ToString();
cmd.Parameters.Add(upass);

SqlDataReader dr = cmd.ExecuteReader();

while (dr.Read())
{
    // session variables
}

Solution 2

Try adding an extra bracket like this

var sql = "select * from Users_tbl WHERE ((([Email] = @EmailParam) OR ([UserID] = @UserIDParam)) AND ([Password] = @PasswordParam))";
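
Why the extra bracket matters, as an added example that is not part of the original answer: in T-SQL, as in SQLite, AND binds tighter than OR, so the question's WHERE clause accepts a matching Email without ever comparing the password. The sketch uses Python's sqlite3 as an offline stand-in for SQL Server, one :ident parameter in place of @EmailParam/@UserIDParam, and constructed rows; make_db, matches and regression_check are hypothetical helper names.

```python
import sqlite3

# Query shape from the question: AND binds tighter than OR, so this parses as
# Email = ? OR (UserID = ? AND Password = ?).
ORIGINAL = ("SELECT UserID FROM Users_tbl WHERE "
            "(([Email] = :ident) OR ([UserID] = :ident) AND ([Password] = :pw))")
# Query shape from the answer: the OR pair is grouped before the AND.
GROUPED = ("SELECT UserID FROM Users_tbl WHERE "
           "((([Email] = :ident) OR ([UserID] = :ident)) AND ([Password] = :pw))")


def make_db():
    """In-memory table with constructed rows (assumption: not real accounts)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE Users_tbl (UserID TEXT, Email TEXT, Password TEXT)")
    con.executemany("INSERT INTO Users_tbl VALUES (?, ?, ?)", [
        ("alice", "alice@example.test", "constructed-pw-1"),
        ("bob", "bob@example.test", "constructed-pw-2"),
    ])
    return con


def matches(con, query, ident, pw):
    """Return the UserIDs the login query would accept for this input."""
    rows = con.execute(query, {"ident": ident, "pw": pw}).fetchall()
    return [r[0] for r in rows]


def regression_check():
    """Per query, one flag per case: did the query behave as a login should?"""
    con = make_db()
    cases = [  # (identifier, password, should a row come back?)
        ("alice@example.test", "constructed-pw-1", True),   # email, right password
        ("alice", "constructed-pw-1", True),                # user id, right password
        ("alice@example.test", "wrong", False),             # email, wrong password
        ("alice", "wrong", False),                          # user id, wrong password
    ]
    report = {}
    for name, query in (("original", ORIGINAL), ("grouped", GROUPED)):
        report[name] = [bool(matches(con, query, i, p)) == ok for i, p, ok in cases]
    return report


if __name__ == "__main__":
    print(regression_check())
```

The third case is the one that separates the two queries, so it is worth keeping as a regression test next to any login query that mixes OR and AND.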

Other tips

This seems too simple. Try to experiment. Select the database. List the tables. Create the same type of query with the same input parameters using SQL management studio or LINQ-to-EF. At some point the problem will surface. Good luck.

I also looked at the operator precedence which does not appear to be the problem: http://technet.microsoft.com/en-us/library/ms190276.aspx

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow